Deprecate shouldFilterAllDispatcherTypes

Closes gh-12138
3 years ago · 01d1e20dc3
2 changed files with 37 additions and 1 deletions
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java
@ -194,7 +194,25 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
				@@ -194,7 +194,25 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
 		 * @return the {@link AuthorizationManagerRequestMatcherRegistry} for further
 		 * customizations
 		 * @since 5.7
+		 * @deprecated Permit access to the {@link jakarta.servlet.DispatcherType}
+		 * instead. <pre>
+		 * &#064;Configuration
+		 * &#064;EnableWebSecurity
+		 * public class SecurityConfig {
+		 *
+		 * 	&#064;Bean
+		 * 	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+		 * 		http
+		 * 		 	.authorizeHttpRequests((authorize) -&gt; authorize
+		 * 				.dispatcherTypeMatchers(DispatcherType.ERROR).permitAll()
+		 * 			 	// ...
+		 * 		 	);
+		 * 		return http.build();
+		 * 	}
+		 * }
+		 * </pre>
 		 */
+		@Deprecated(since = "6.1", forRemoval = true)
 		public AuthorizationManagerRequestMatcherRegistry shouldFilterAllDispatcherTypes(boolean shouldFilter) {
 			this.shouldFilterAllDispatcherTypes = shouldFilter;
 			return this;
--- a/web/src/main/java/org/springframework/security/web/access/intercept/AuthorizationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/AuthorizationFilter.java
@ -1,5 +1,5 @@
				@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -170,7 +170,25 @@ public class AuthorizationFilter extends GenericFilterBean {
				@@ -170,7 +170,25 @@ public class AuthorizationFilter extends GenericFilterBean {
 	 * @param shouldFilterAllDispatcherTypes should filter all dispatcher types. Default
 	 * is {@code true}
 	 * @since 5.7
+	 * @deprecated Permit access to the {@link jakarta.servlet.DispatcherType} instead.
+	 * <pre>
+	 * &#064;Configuration
+	 * &#064;EnableWebSecurity
+	 * public class SecurityConfig {
+	 *
+	 * 	&#064;Bean
+	 * 	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+	 * 		http
+	 * 		 	.authorizeHttpRequests((authorize) -&gt; authorize
+	 * 				.dispatcherTypeMatchers(DispatcherType.ERROR).permitAll()
+	 * 			 	// ...
+	 * 		 	);
+	 * 		return http.build();
+	 * 	}
+	 * }
+	 * </pre>
 	 */
+	@Deprecated(since = "6.1", forRemoval = true)
 	public void setShouldFilterAllDispatcherTypes(boolean shouldFilterAllDispatcherTypes) {
 		this.observeOncePerRequest = !shouldFilterAllDispatcherTypes;
 		this.filterErrorDispatch = shouldFilterAllDispatcherTypes;